Security: Windows 10 includes number of missing or incorporate security features of Windows 7. However, the publisher does not have them all yet implemented. Selection of notable changes introduced by Microsoft.
Why should Windows 7 users upgrade to Windows 10? Microsoft spokespersons have for quite some time developed their arguments about it.
Yes, the Start menu has more or less made his return. Yes also, the editor has integrated Cortana PC. But these features are not enough to convince users, especially business, to give up Windows 7, a mature system that has proven itself.
The exclusive security features in Windows 10 are probably more likely to be weighed for business customers. To date, and particularly recently, Microsoft is fairly expressed thereon. One reason is that these security features have yet to be fully integrated.
Microsoft introduced Windows Hello, the new biometric authentication technology that will allow users to access their Windows terminals 10 without a password. New equipment is needed to take advantage of Hello, operator authentication facial recognition and fingerprints. Hello is available on all Windows 10 editions (Home, Pro, Enterprise and Education). But other security features will be available only to some users.
Enterprise Data Protection and Enterprise Passport in it. This week, Microsoft announced that they would be deployed in September in a new build of Windows 10. The final deployment will occur by the end of 2015, possibly in the framework of the Threshold Update 2.
But there are other security features on which Microsoft remained the least discreet so far.
One is the BitLocker disk. While the feature is already built into Windows 7 (Ultimate and Enterprise), however the editor will with Windows 10, expand its access to a greater number of users (Pro, Enterprise and Education).
There are more. Below is a table found on the Microsoft Download Center that compares Windows 7 and Windows 10 security.
As indicated above, some of the presented functions must be further introduced by Microsoft, including Enterprise Data Protection and variant Passport undertaking.
Enterprise Data Protection (EDP) will build on the prevention of data leaks present in Windows 7. But it goes beyond separating the pros and personal data in separate containers. EDP will be integrated with Azure Active Directory and Rights Management Services. Microsoft ensures that EDP will provide a seamless user experience between mobile and desktop. This function will be implemented in the Pro editions, Enterprise and Education of Windows 10.
Microsoft Passport is designed to enable users to connect more securely to applications, online and internal content without password. Passport suporte Accounts and Microsoft Azure Active Directory. The feature is already present in Windows 10 Home and Pro, but it still must be in Windows 10 Company.
Device Guard is another unique security feature to Windows 10, and for which little information has been sent. Device Guard provides application control; an application must prove that it is confidence before executing. Microsoft boasts a function providing innovative resilience to malware on workstation.
Credential Guard, the twin service aims to protect the "secret", which in previous versions of Windows were stored in the Local Security Authority (LSA), via a security system based on virtualization. Thus, the stored data will not be available to the rest of the operating system.
Device and Credential Guard Guard will be available only for users of Education and Enterprise editions of Windows 10.
To go further, a new technology was implemented in the Windows 10 kernel to run Device and Credential Guard Guard. Microsoft recently posted on its website Channel 9 video series dedicated to this technology called User Mode Isolated (IUM).
IUM - specific to Windows 10 - introduced the idea of a secure kernel and secure applications that run in a different address space than the normal kernel.
IUM is based on Virtualization Based Security (VBS) of Windows, eg Secure Virtual Mode. VBS is already in Windows 10. Windows isolates a function executed in a VBS environment from the rest of the OS. Thus, data and processes can not be viewed or altered by Microsoft.
Device Guard operates the VBS environment to prevent the compromise of its functionality. Device Guard was designed to thwart zero-day attacks (hardware) against the kernel mode. According to a Microsoft spokesperson questioned, security goes well beyond that AppLocker can be fooled if an attacker has administrator rights.
"Device Guards requires a 'signed' policy, which means that only a political update signed by a trusted signer can change the application control policy that has been configured on the terminal. The signed policy is critical to our ability to prevent an attacker with admin access cancels the application control rules allowing it to run non-approved apps or malicious, "says Microsoft ZDNet.
With the arrival of the next major release of Windows 10 (Threshold 2) before the end of the year, Microsoft should more clearly highlight the strengths of the security plan of Windows 10 over Windows 7. In the interim, it is the Windows Insiders who will be frontline.
0 comments :
Post a Comment